A Cloud Management Revolution

Extolling the benefits of cost savings, the past three federal Chief Information Officers have ushered in the era of cloud computing for federal agencies. Back in 2011, the White House mandated that agencies consider cloud before all other technology solutions. But investing in the cloud and optimizing the processes and procedures in the cloud are two radically different propositions.

In order to better understand how to get the true value out of the cloud, GovLoop sat down with BMC’s Vice President and Deputy Chief Technology Officer, Herb VanHook. “The initial reason most federal agencies consider cloud solutions is the promise of lower costs. While the cost efficiency of cloud can work in many cases, it does not work in every case. Sometimes, the short-term cost is attractive, but longer-term, the total cost will be greater. However, cloud computing can deliver the service flexibility and agility demanded by agencies with dynamic or sporadic technology requirements, and these capabilities can often outweigh additional cost considerations.”

Before an agency invests in the cloud, VanHook suggests agencies consider three key areas:

Security Classifications: This is often the biggest barrier in “moving to cloud.” The security requirements for data, applications and workloads greatly dictate where they may reside and run. For example, FedRAMP currently specifies controls for securing low-impact and moderate-impact systems in the cloud. Efforts are underway to develop requirements for securing high-impact systems.

Suitability: New system architectural models are emerging to take optimum advantage of dynamic cloud resources. Often, legacy systems have a poor fit with new cloud services, as they cannot take full advantage of the cloud features. This is a key consideration when thinking of migrating workloads to cloud.

As agencies adopt cloud-computing models, they will face new technology management challenges because cloud represents a
new type of IT. One solution agencies can leverage to assist in the implementation and operations of infrastructure and platform cloud services is a Cloud Management Platform (CMP). A CMP can be used to build and operate a private cloud, it can be used to broker access to multiple clouds, and it can be used to govern and manage ongoing cloud services – public or private.

“Many current cloud solutions require IT staff to have programming skills, as the cloud services are typically exposed through an API,” said VanHook. “However, agencies often want an easier self-service interface to cloud resources. A CMP can provide such an interface, with a catalog overlay, and a request model for more sophisticated cloud services – beyond the atomic compute and storage models you see with many cloud solutions. BMC has one of the industry leading CMP’s in its Cloud Lifecycle Management solution.”

“Cloud computing is not just about technology, it also means a change in existing processes and culture,” VanHook explained. “By its nature, cloud computing introduces new flexible options, new models for rapid change and innovation, and demands for new skill sets with the IT staff. We have even seen organizational changes, with new emerging roles, driven by cloud adoption.”

Cloud computing models often require agencies to rethink their processes because cloud actually introduces a new velocity and a new cadence. “Cloud enables things to happen faster, often so fast that they actually break existing processes. A cloud consumer at one agency recently said, ‘thanks to cloud technology, we can actually get a new server in seven minutes, but for some reason it still takes me 30 days to get all the paperwork signed off.’ This can indicate existing bottle- necks in change and approval processes,” said VanHook.

Finally, the cloud procurement process is also creating some challenges for agencies. “Cloud computing tends to introduce new purchasing models – the “pay as you go” promise. Traditional government procure- ment processes, contract vehicles and budget cycles are undergoing an evolution today to embrace many of these new models.

BMC is leading the way when it comes to ad- dressing these cloud computing challenges. BMC is also making sure cloud services it of- fers directly are secure and meets FedRAMP certification. “FedRAMP defined a set of security controls and a common playing field,” said VanHook. “FedRAMP has forced all cloud vendors to scrutinize their security practices and improve security around their cloud services. It’s caused all of us to invest more in creating secure, robust and well-managed cloud services for government environments.”